  1. #1
    Join Date
    Jul 2002
    Location
    World Wide Web
    Posts
    2,347

    Protection from hacking - the basics

    These days, more and more websites are being hacked due to several reasons. Being hacked can cause your site to lose all of its data if the hacker gets full control of your site for long enough. Each backup replaces the last one so if the hacker has your site for long enough, the new backups will be of the hacked site and you will not have any original backups left. Thus all the available backups are useless. Please follow the advice below to keep this from happening:

    1. If you haven't already, please immediately install one of the available Antivirus programs. If you use Microsoft Windows, I can suggest you install and use Microsoft Security Essentials or Microsoft Defender (it depends on the Windows version you own). You can get it for free if you have Microsoft Windows from here: http://windows.microsoft.com/en-us/w...tials-download
    Take care to update it daily with the latest update available. It usually happens automatically every time you connect to the internet. Do not forget to perform a full scan at least once per week using your antivirus, including all of your hard disks (internal or external) and on USB sticks.

    2. No matter which antivirus program you use, please download this free software: http://www.malwarebytes.org/ from this location: http://www.malwarebytes.org/products/malwarebytes_free/
    Install it on all your PCs and then update it to the latest version. This program will not cause a conflict with your installed antivirus. It works in addition every time you perform a full scan with it. You have to remember to update it at least once per week and then perform a full scan on all of your hard disks (internal or external) and on your USB sticks.

    3. If you are using free site software such as WordPress or Joomla, Drupal, SMF, etc., you have to update this software immediately to the latest version every time it becomes available. Usually every new version of this software closes some 'holes' which hackers are using to attack your site. So if you leave an old version running on your site, it is very likely that you will be attacked by hackers. Please check often for new versions and update these.

    4. In case you use free software such as WordPress, Joomla, Drupal, SMF, etc, it is wise to avoid using free templates, modules/plugins/components because some developers leave backdoors in order to offer access later to hackers. It is better to buy templates/themes/plugins so you can have support from their creators and update to new safer versions. Often hackers gain access from free templates or plugins/modules/components.

    5. Another common method of hacking is to 'steal' FTP or cPanel passwords while you type them in order to access your site, using keyloggers or other malware that may exist on your computer. The password for FTP/cPanel has to be very strong with numbers, letters, special characters, etc. Also you need to change your passwords from time to time. Randomly generated passwords are best and please avoid using simple words. I suggest using a random generator to change it once per month.

    6. I suggest keeping your own backups generated from cPanel or another control panel. Download both a zip file of all your files and another one for your database if you use any. You have to take as many backups as you can and keep a history of them safe on your computer.

    I hope this article was helpful to you and if you remember nothing else, please run your antivirus/malware software and backup your site once per week.
    NetDynamics LLC - One-stop Solution for Hosting Needs
    We love Backups! Backup storage for your server backups
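
The first post's warning about backups that overwrite each other, as an added example that is not part of the original post: a retention planner compared against the overwrite-in-place behaviour. The tier sizes (7 daily, 4 weekly, 6 monthly), the function names and all dates are assumptions constructed for illustration.

```python
from datetime import date, timedelta

def plan_retention(backup_dates, daily=7, weekly=4, monthly=6):
    """Split backup dates into (keep, delete) under a tiered history policy."""
    ordered = sorted(set(backup_dates), reverse=True)
    keep = set(ordered[:daily])              # the most recent daily copies
    weeks, months = {}, {}
    for d in ordered:                        # newest first: first hit per bucket wins
        weeks.setdefault(tuple(d.isocalendar())[:2], d)   # (ISO year, ISO week)
        months.setdefault((d.year, d.month), d)
    keep.update(sorted(weeks.values(), reverse=True)[:weekly])
    keep.update(sorted(months.values(), reverse=True)[:monthly])
    return keep, set(ordered) - keep

def newest_clean_backup(kept, compromised_on):
    """Newest kept backup taken strictly before the compromise, or None."""
    older = [d for d in kept if d < compromised_on]
    return max(older) if older else None

# Constructed sample: one backup per day for 120 days, site compromised on
# 1 July and the compromise only noticed on 15 August.
NOTICED = date(2013, 8, 15)
COMPROMISED = date(2013, 7, 1)
BACKUPS = [NOTICED - timedelta(days=i) for i in range(120)]

def compare_policies():
    """Return the restorable clean backup under each policy."""
    # "Each backup replaces the last one": only the newest copy survives.
    overwrite, _ = plan_retention(BACKUPS, daily=1, weekly=0, monthly=0)
    tiered, _ = plan_retention(BACKUPS)
    return (newest_clean_backup(overwrite, COMPROMISED),
            newest_clean_backup(tiered, COMPROMISED))

if __name__ == "__main__":
    lost, recovered = compare_policies()
    print("overwrite-in-place, newest clean backup:", lost)
    print("tiered history, newest clean backup:   ", recovered)
```

The delete set is only a plan; pruning should run against the downloaded copies kept off the hosting account, so that an attacker with cPanel access cannot remove the history.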

  2. #2
    Join Date
    Dec 2010
    Location
    127.0.0.1
    Posts
    5,732
    Nice tutorial, maybe add ask your provider to give you a random username, and use a strong password as most accounts are the first five digits of the domain name which is easy to guess. eg:

    Domain: example.com
    cPanel Username: examp

  3. #3
    Great tips, thanks a lot

  4. #4
    Join Date
    Apr 2013
    Location
    Data center
    Posts
    541
    Thanks for this article.

    To add to that, refrain from using usernames such as ‘admin’ or ‘administrator’ when using scripts such as WordPress or Joomla. Hackers are usually targeting these.

    .htaccess IP protection also works for administration directories.

  5. #5
    Join Date
    May 2013
    Posts
    55

    Re: Protection from hacking

    Great article, since we not respect with any cracker who used hacker as a blackmail on this... totally different in my dictionary between hacker and cracker.

    but keep on our mind always open so we can always aware better than will make sorry in the next.

    great community will help us to keep aware as OP try to do... keep up bro

  6. #6
    Nice tips thank you very much.

  7. #7
    Join Date
    Aug 2013
    Location
    Ernakulam
    Posts
    17
    Great tricks.. thank you so much

  8. #8
    Join Date
    Aug 2010
    Location
    Belgium
    Posts
    657
    Well, this is all interesting and all - but you don't need these steps if you can prevent instead of cure..

    The main point is to secure your code, avoid third party code and make it yourself - if you can't make it yourself rent someone and make sure that they don't backdoor your service (this seems to be common with most freelancers lately, unfortunately).

    Secondly, why would you have your Windows server clogged up like that? I'm pretty sure those will not stop anyone from placing fully undetectable malware or penetrating your server.
    AssetGateway
    █ Skype da_arco

  9. #9
    Join Date
    Oct 2010
    Location
    Iraq
    Posts
    409
    Hello,

    you should change the subject to "Protection from basic hacking" tbh.

    I appreciate what you mentioned but that will protect you from skiddies only.

    Highest Regards
    Mohammed H
    Xsltel OÜ | Fast and Steady Internet services
    cPanel Webhosting | VPS Hosting | Since 2011

  10. #10
    Join Date
    Jul 2002
    Location
    World Wide Web
    Posts
    2,347
    Quote Originally Posted by Mohammed H View Post
    Hello,

    you should change the subject to "Protection from basic hacking" tbh.

    I appreciate what you mentioned but that will protect you from skiddies only .

    Highest Regards
    Mohammed H
    Thank you for your kind advice. However, most clients are not doing even those steps described there. It would be ideal if everyone was taking even those simple steps.

  11. #11
    Join Date
    May 2013
    Posts
    294
    And is malwarebytes.org necessary if you have AVAST?
    Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months.
    Saint Michael the Archangel, defend us in battle; be our protection against the wickedness and snares of the devil. May God rebuke him, we humbly pray; and do thou, O Prince of the heavenly host, by the power of God, cast into hell Satan and all the evil spirits who prowl about the world seeking the ruin of souls. Amen

  12. #12
    Join Date
    Jul 2002
    Location
    World Wide Web
    Posts
    2,347
    Quote Originally Posted by psalm91 View Post
    And is malwarebytes.org necessary if you have AVAST?
    According to my opinion, yes.

  13. #13
    Great tips, especially in this order.
    Users mail us first, but 9 out of 10 times the reason a website got hacked was a stolen FTP password. So people need to check their own security in the first place.

    Quote Originally Posted by Dr_Michael View Post
    4. In case you use free software such as WordPress, Joomla, Drupal, SMF, etc, it is wise to avoid using free templates, modules/plugins/components because some developers leave backdoors in order to offer access later to hackers. It is better to buy templates/themes/plugins so you can have support from their creators and update to new safer versions. Often hackers gain access from free templates or plugins/modules/components.
    I really don't think this is true and it's an insult to hard working (free!) template designers and plug-in developers.
    You should be aware for plug-ins that haven't been updated in a while though. Like all software and plug-ins you should keep them updated with the latest versions and security patches. Don't use a plug-in that is developed for an old WordPress version. Although it might work on the latest WP version, it clearly isn't updated for a while and might be a security risk.
    Last edited by cfmweb; 08-15-2013 at 12:11 PM.

  14. #14
    Wow, thank you for the security tips. The thing about changing a password is totally right, as a simple password can be easily brute forced.

  15. #15
    There's a lot to be said about security, you have covered a very, very small part of it.

    It would be a very good idea to cover this completely (more or less) within 1 topic, so the novice users can benefit from it.

    Also, avast?!... I suppose it's best to have *SOME* antivirus, rather than don't have any.

  16. #16
    Join Date
    Jul 2002
    Location
    World Wide Web
    Posts
    2,347
    Quote Originally Posted by Vex76 View Post
    Also, avast?!... I suppose it's best to have *SOME* antivirus, rather than don't have any.
    I have mentioned Antivirus protection.

  17. #17
    Having an antivirus is important. Once I got hacked and the hacker stole my server's FTP accounts. That way he hacked my websites.

  18. #18
    Quote Originally Posted by Dr_Michael View Post
    4. In case you use free software such as WordPress, Joomla, Drupal, SMF, etc, it is wise to avoid using free templates, modules/plugins/components because some developers leave backdoors in order to offer access later to hackers. It is better to buy templates/themes/plugins so you can have support from their creators and update to new safer versions. Often hackers gain access from free templates or plugins/modules/components.
    It's better to install this software using an auto installer such as Softaculous, as they send reminders once a script upgrade is available; then you can upgrade using the auto installer itself with just a few clicks.
    [DC'S] SINGAPORE. AUSTRALIA. JAPAN. INDIA. CHINA HK. USA. UK. NETHERLANDS. SOUTH AFRICA
    MyCompanyWeb™: Start Your Own Professional Web Hosting Company in 24 Hours
    SkyNetHosting.Net Reseller Hosting. Resell VPS and Dedicated Servers 16 Years in Business!
    Master Reseller + MailChannels + End User Support + NVMe SSD + LiteSpeed Your Reseller Hosting Specialist

  19. #19
    Join Date
    Sep 2013
    Posts
    30
    Good tips. However, there's one huge piece missing from your advice:

    NEVER use FTP. Use SFTP only. Do not use a web host if they don't offer SFTP.

    SFTP encrypts your communication, FTP does not, which means FTP can be easily broken by monitoring communications. You yourself, need not be the target in order for someone to sniff your password during FTP logins... if your web host is targeted and you log in via FTP, you've just had your password pickpocketed. And they don't care if you're nobody and you have nothing on your site... any foothold is good enough.

    In fact, sites which are barely ever used, are the best targets - because, admins of those less-used sites won't notice the zombie botnet / spam factory / drug drop-shipping / etc on those sites.

    By the way, all web hosts are being targeted at all times, so, using FTP is like pinning a $100 bill on a blind man's back and putting him on the bus. You can kiss it goodbye, guaranteed.

  20. Hacking is really a very hilarious problem indeed.
    I had a WordPress website and it got attacked by hackers several times. Every time I have to restore my website from step one. It was a very disappointing experience. You share an important piece of information regarding security from hacking. Keep sharing more information.

  21. #21
    Join Date
    Oct 2013
    Posts
    30
    nice tutorial and helpful information

  22. #22
    Join Date
    Jun 2013
    Location
    Pekanbaru, ID
    Posts
    227
    Thanks, nice shared

  23. #23
    Join Date
    Apr 2009
    Location
    OnTheWeb
    Posts
    2,397
    As a developer I would tend to disagree with point 3. Not all updates by WordPress address security issues per se, so unless it does address a security concern, you do not need to update to the latest version. Constant updating can cause your website to break because some updates are simply to address bug fixes (which may not be of a major concern if you are a developer or have a developer on your payroll).
    If you're the smartest person in the room then you're in the wrong room

  24. #24
    Thank you for the advice, Michael. Everyone should follow these steps for basic protection. It's sad when people have nothing better to do than destroy other people's websites.
    GeneratePress ~ The Best WordPress Theme I Have Ever Used

  25. #25

    protections

    You should follow OWASP guidelines.

    From my point of view, the priority is:

    1. Follow and install security updates of your CMS.
    2. Assess all your admin users and ensure they have strong passwords.
    3. Restrict access to administrative panels by source IP or with a first-level password (i.e. htaccess).
    4. Do not run your HTTP server with root/admin credentials.
    5. Install a local web application firewall (WAF) such as mod_security.
    6. Expensive: have penetration tests performed by security experts.
